handlers: add a test for OIDC discovery

2025-11-20 12:02:22 +03:00 · 2023-02-22 14:59:15 +01:00
parent 1e9ce8d6d6
commit 03583d2936
4 changed files with 75 additions and 14 deletions
--- a/crates/handlers/src/oauth2/discovery.rs
+++ b/crates/handlers/src/oauth2/discovery.rs
@@ -153,3 +153,27 @@ pub(crate) async fn get(

    Json(metadata)
 }
+
+#[cfg(test)]
+mod tests {
+    use hyper::{Request, StatusCode};
+    use oauth2_types::oidc::ProviderMetadata;
+    use sqlx::PgPool;
+
+    use crate::test_utils::{init_tracing, RequestBuilderExt, ResponseExt, TestState};
+
+    #[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
+    async fn test_valid_discovery_metadata(pool: PgPool) {
+        init_tracing();
+        let state = TestState::from_pool(pool).await.unwrap();
+
+        let request = Request::get("/.well-known/openid-configuration").empty();
+        let response = state.request(request).await;
+        response.assert_status(StatusCode::OK);
+
+        let metadata: ProviderMetadata = response.json();
+        metadata
+            .validate(state.url_builder.oidc_issuer().as_str())
+            .expect("Invalid metadata");
+    }
+}
--- a/crates/handlers/src/oauth2/registration.rs
+++ b/crates/handlers/src/oauth2/registration.rs
@@ -234,7 +234,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::BAD_REQUEST);
-        let response: ClientError = serde_json::from_str(response.body()).unwrap();
+        let response: ClientError = response.json();
        assert_eq!(response.error, ClientErrorCode::InvalidRequest);

        // Invalid client metadata
@@ -245,7 +245,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::BAD_REQUEST);
-        let response: ClientError = serde_json::from_str(response.body()).unwrap();
+        let response: ClientError = response.json();
        assert_eq!(response.error, ClientErrorCode::InvalidClientMetadata);

        // Invalid redirect URI
@@ -259,7 +259,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::BAD_REQUEST);
-        let response: ClientError = serde_json::from_str(response.body()).unwrap();
+        let response: ClientError = response.json();
        assert_eq!(response.error, ClientErrorCode::InvalidRedirectUri);

        // Incoherent response types
@@ -274,7 +274,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::BAD_REQUEST);
-        let response: ClientError = serde_json::from_str(response.body()).unwrap();
+        let response: ClientError = response.json();
        assert_eq!(response.error, ClientErrorCode::InvalidClientMetadata);
    }

@@ -297,7 +297,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::CREATED);
-        let response: ClientRegistrationResponse = serde_json::from_str(response.body()).unwrap();
+        let response: ClientRegistrationResponse = response.json();
        assert!(response.client_secret.is_none());

        // A successful registration with client_secret based authentication should
@@ -314,7 +314,7 @@ mod tests {

        let response = state.request(request).await;
        response.assert_status(StatusCode::CREATED);
-        let response: ClientRegistrationResponse = serde_json::from_str(response.body()).unwrap();
+        let response: ClientRegistrationResponse = response.json();
        assert!(response.client_secret.is_some());
    }
 }
--- a/crates/handlers/src/oauth2/revoke.rs
+++ b/crates/handlers/src/oauth2/revoke.rs
@@ -233,8 +233,7 @@ mod tests {
        let response = state.request(request).await;
        response.assert_status(StatusCode::CREATED);

-        let client_registration: ClientRegistrationResponse =
-            serde_json::from_str(response.body()).unwrap();
+        let client_registration: ClientRegistrationResponse = response.json();

        let client_id = client_registration.client_id;
        let client_secret = client_registration.client_secret.unwrap();
@@ -313,7 +312,7 @@ mod tests {
        let response = state.request(request).await;
        response.assert_status(StatusCode::OK);

-        let token: AccessTokenResponse = serde_json::from_str(response.body()).unwrap();
+        let token: AccessTokenResponse = response.json();

        // Check that the token is valid
        assert!(state.is_access_token_valid(&token.access_token).await);
@@ -395,7 +394,7 @@ mod tests {
        let response = state.request(request).await;
        response.assert_status(StatusCode::OK);

-        let token: AccessTokenResponse = serde_json::from_str(response.body()).unwrap();
+        let token: AccessTokenResponse = response.json();

        // Use the refresh token to get a new access token.
        let request =
@@ -410,7 +409,7 @@ mod tests {
        response.assert_status(StatusCode::OK);

        let old_token = token;
-        let token: AccessTokenResponse = serde_json::from_str(response.body()).unwrap();
+        let token: AccessTokenResponse = response.json();
        assert!(state.is_access_token_valid(&token.access_token).await);
        assert!(!state.is_access_token_valid(&old_token.access_token).await);